kubernetes 网络 Traefik-Ingress + ingress

Traefik官网(默认V2.0版本)：

https://traefik.io/

官方手册(v1.7版本)：

https://doc.traefik.io/traefik/v1.7/

Github地址(v1.7版本):

https://github.com/traefik/traefik/releases

Traefik

# 必要条件：
1. Kubernetes 1.6+ only
2. Deploy Traefik using a Deployment or DaemonSet

下载Traefik 组件： 
  - rbac.yaml        (权限)
  - traefik-ds.yaml  (容器部署与调度) 
  - traefik-web.yaml (Traefik Web UI)

规划实施：

# 为了让Traefik web ui 能固定运行在Node1,需要给node1节点打标签(label)：
kubectl label nodes node1.example.com edgenode=true

# 查看node节点是否打上标签：
[root@k8s-master1 ingress]# kubectl get node --show-labels
NAME                      STATUS   ROLES    AGE   VERSION    LABELS
node1.example.com         Ready    <none>   54d   v1.19.14   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,edgenode=true,kubernetes.io/arch=amd64,kubernetes.io/hostname=node1.example.com,kubernetes.io/os=linux
node2.example.com         Ready    <none>   54d   v1.19.14   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=node2.example.com,kubernetes.io/os=linux

rbac.yaml(默认没有修改)

vim rabc.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - extensions
    resources:
    - ingresses/status
    verbs:
    - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system

Traefik-ds.yaml (此文件有需要更改的地方多注意):

vim traefik-ds.yaml 

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
      name: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v1.7                          # 此处可以改成内部harbor网址
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8080
          hostPort: 8080
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
      nodeSelector:                  # node节点选择器
        edgenode: "true"             # 选择在edgenode 标签节点上运行
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: NodePort                        # 新增加service运行在nodeport类型上

安装traefik：

# 执行命令安装
kubectl apply -f rbac.yaml
kubectl apply -f traefik-ds.yaml

#kubectl apply -f traefik-web.yaml

# 查看运行是否成功：
[root@k8s-master1 ingress]# kubectl get daemonset -A
NAMESPACE     NAME                         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
kube-system   kube-flannel-ds              6         6         6       6            6           <none>                   54d
kube-system   kube-proxy                   6         6         6       6            6           kubernetes.io/os=linux   54d
kube-system   traefik-ingress-controller   1         1         1       1            1           edgenode=true            22h


# 查看权限：
[root@k8s-master1 ingress]# kubectl get ClusterRole -n kube-system
NAME                                                                   CREATED AT
......省去其他......
traefik-ingress-controller                                             2021-11-02T06:29:07Z

测试一下traefik web页面：

# 查看pods 是否运行：
kubectl get pods --namespace=kube-system

[root@k8s-master1 ingress]# kubectl get pods --namespace=kube-system
NAME                                              READY   STATUS    RESTARTS   AGE
traefik-ingress-controller-z8qqn                  1/1     Running   0          22h

# 直接访问Node1节点地址:
curl $(minikube ip)

[root@k8s-master1 ingress]# curl 192.168.10.16
404 page not found

*** 出现以上的信息表明配置成功.

创建Traefik Web UI：

vim traefik-web.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: dash.linux08.com                        # 这里要改成域名 dash.linux08.com
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui            # 这里是service 的名, kubectl get service -A 获取
          servicePort: 80                        # 80 是端口

修改hosts 文件，并访问网址：

#linux 下：
echo "192.168.10.16 dash.linux08.com" | sudo tee -a /etc/hosts


# windows下：
1 ） 修改hosts：
 192.168.10.16 dash.linux08.com

web 浏览器访问
http://dash.linux08.com/dashboard/   即可

---

Add a TLS Certificate to the Ingress